Red Hat Bug Fix Advisory: Red Hat Ansible Tower 3.6.4-1 - RHEL7 Container
🔗 CVE IDs covered (20)
📋 Description
CVE-2015-2716 — expat: Integer overflow leading to buffer overflow in XML_GetBuffer() CVE-2015-8035 — libxml2: DoS caused by incorrect error detection during XZ decompression CVE-2016-5131 — libxml2: Use after free triggered by XPointer paths beginning with range-to CVE-2017-15412 — libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c CVE-2017-18258 — libxml2: Unrestricted memory usage in xz_head() function in xzlib.c CVE-2018-10360 — file: out-of-bounds read via a crafted ELF file CVE-2018-14404 — libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c CVE-2018-14567 — libxml2: Infinite loop caused by incorrect error detection during LZMA decompression CVE-2018-18074 — python-requests: Redirect from HTTPS to HTTP does not remove Authorization header CVE-2018-20060 — python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure CVE-2018-20852 — python: Cookie domain check returns incorrect results CVE-2019-3820 — gnome-shell: partial lock screen bypass CVE-2019-5436 — curl: TFTP receive heap buffer overflow in tftp_receive_packet() function CVE-2019-9924 — bash: BASH_CMD is writable in restricted bash shells CVE-2019-11236 — python-urllib3: CRLF injection due to not encoding the '\r\n' sequence leading to possible attack on internal service CVE-2019-16056 — python: email.utils.parseaddr wrongly parses email addresses CVE-2019-17041 — rsyslog: heap-based overflow in contrib/pmaixforwardedfrom/pmaixforwardedfrom.c CVE-2019-17042 — rsyslog: heap-based overflow in contrib/pmcisconames/pmcisconames.c CVE-2020-10691 — Ansible: archive traversal vulnerability in ansible-galaxy collection install CVE-2020-10729 — Ansible: two random password lookups in same task return same value